package com.viu.technology.config.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.viu.technology.filter.JwtAuthenticationTokenFilter;
import com.viu.technology.handler.EntryPointUnauthorizedHandler;
import com.viu.technology.handler.RestAccessDeniedHandler;

/**
 * jwt认证方式（前后端分离）
 */

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启security方法级别权限控制注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private UserDetailsService userDetailsService;
	@Autowired
	private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
	@Autowired
	private EntryPointUnauthorizedHandler entryPointUnauthorizedHandler;
	@Autowired
	private RestAccessDeniedHandler restAccessDeniedHandler;
	@Autowired
	private PasswordEncoder passwordEncoder;

	@Autowired
	private SimpleUrlAuthenticationSuccessHandler successHandler;

	@Autowired
	private SimpleUrlAuthenticationFailureHandler failureHandler;

	@Bean
	@Override
	protected AuthenticationManager authenticationManager() throws Exception {
		return super.authenticationManager();
	}

	/*
	 * @Autowired public void configureAuthentication(AuthenticationManagerBuilder
	 * authenticationManagerBuilder) throws Exception {
	 * authenticationManagerBuilder.userDetailsService(this.userDetailsService).
	 * passwordEncoder(passwordEncoder); }
	 */

	@Override
	protected void configure(HttpSecurity httpSecurity) throws Exception {
		httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

				.and().authorizeRequests()
				.antMatchers("/demo/**", "/user/generate/token", "/user/login", "/user/register").permitAll()
				// .antMatchers("/demo/user/getUserInfo**").hasAnyAuthority("管理员")
				.anyRequest().authenticated().and().headers().cacheControl();

		// 添加认证过滤
		httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
		// 添加权限不足及验证失败处理器
		httpSecurity.exceptionHandling().authenticationEntryPoint(entryPointUnauthorizedHandler)
				.accessDeniedHandler(restAccessDeniedHandler);

	}

	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

}